1#include <tunables/global> 2 3/usr/sbin/nghttpx { 4 #include <abstractions/base> 5 #include <abstractions/nameservice> 6 #include <abstractions/openssl> 7 8 capability setgid, 9 capability setuid, 10 11 /usr/sbin/nghttpx rmix, # allow to run itself 12 /etc/nghttpx/nghttpx.conf r, # allow to read the config file 13 /etc/ssl/** r, # give access to ssl keys 14 15 /{,var/}run/nghttpx.pid lw, # allow to store a pid file 16} 17